A (tiny, incomplete, single user, write-only) ActivityPub server in PHP


Screenshot of a map. There is a pop-up containing an image of me drinking a pint.

I've written an ActivityPub server which only allows you to post messages to your followers. That's all it does. It won't record favourites or reposts. There's no support for following other accounts or receiving replies. It cannot delete or update posts nor can it verify signatures. It doesn't have a database or any storage beyond flat files. But it will happily send messages and allow itself to be followed. This shows that it is totally possible to broadcast fully-featured ActivityPub…

Continue reading →

Rebuilding FourSquare for ActivityPub using OpenStreetMap


Map of London with several bits highlighted.

I used to like the original FourSquare. The "mayor" stuff was a bit silly, and my friends never left that many reviews, but I loved being able to signal to my friends "I am at this cool museum" or "We're at this pub if you want to meet" or "Spending the day at the park". So, is there a way to recreate that early Web 2.0 experience with open data and ActivityPub? Let's find out! This quest is divided into two parts. Get nearby "Points of Interest" (POI) from OpenStreetMap. Share a location…

Continue reading →

An open(ish) redirect on Mastodon


Cartoon of a tusked mastodon holding a phone.

I've responsibly disclosed a small security issue with Mastodon (GHSA-8982-p7pm-7mqw). It allows a sufficiently determined attacker to use any Mastodon instance to redirect unwary users to a malicious site. What do you think happens if you visit: https://mastodon.social/@PasswordReset/111285045683598517/admin? If you aren't logged in to that instance, it will redirect you to a 3rd party site. Try opening it in a private browser window. Here's another, less convincing, demo: …

Continue reading →

This blog is now on the Fediverse!


Setting screen showing the blog being enabled.

You can now have this blog federated to your social media site by following @blog@shkspr.mobi If you're on Mastodon, it should look something like this: You should be able to follow it on Lemmy, kBin, PixelFed, and some cool social network I've never heard of. How This blog runs on WordPress. Thanks to the tireless work of Matthias Pfefferle, there's now an official WordPress ActivityPub plugin. It's pretty easy to set up - just install and click on settings. But there are a few niggles …

Continue reading →

Federation is pretty cool, but kinda confusing, and maybe a little scary


Otome-chan says: "See here. you can see this mastodon user's post (which to them looks like a regular tweet on twitter does) ends up in our random microblogs section. We can also view their profile directly as well as follow them to have their posts appear in our microblogs (as well as threads if they go out of their way to make one). It seems kbin microblogs appear as threads/comments to you on lemmy. so I have to imagine mastodon posts might be similar?"

Last week, this strange mention appeared on my Mastodon feed. After a bit of clicking around, I figured out what had happened. A user on the Kbin social network had linked to my Mastodon profile. Thanks to the magic of the ActivityPub protocol, it filtered into my mentions - even though I've never even heard of Kbin. That's pretty cool! A user on one social network can mention a user on a different social network - neither needs to be registered on the other. And that is where things get a…

Continue reading →

How do you decentralise emergency alerts?


Cartoon of a tusked mastodon holding a phone.

Twitter's decision to hobble its API has meant that a number of useful alerting bots might no longer function. Your local subway might not be able to Tweet each morning about delays on the line, nor will a tornado warning be displayed as you scroll through photos of brunch, and forget about flood alerts between your memes. In one sense, this is sad. A set of useful public services are being cut off from their audience. My friend, Bill Thompson, described this as "unnecessary disruption" I, on…

Continue reading →